Hi Enzo, Thanks for the reply. On Tue, Mar 29, 2022 at 8:49 PM Enzo Matsumiya <ematsumiya@xxxxxxx> wrote: > > On 03/29, Shyam Prasad N wrote: > >David: Do you know if making frequent calls to dns_query can possibly > >prevent expired keys from being cleaned up? > > The problem is that the key is being created with a permanent TTL: > > 2135708b I------ 1 perm 1f030000 0 0 keyring .dns_resolver: 2 > I'm seeing this issue while trying to validate the fix to this problem. In cases where dns_query gets called repeatedly, I'm seeing that dns_query returns -EKEYEXPIRED. I don't see the userspace utility even getting the upcall. I see that keyring gc is scheduled with a default interval of 5 min. But I don't see the situation recovering even after that. > But answering your question, if a request to the same key is done before > it expires, yes, it will extend its TTL. But, again, in the current > case, cifs is only doing unnecessary upcalls every 5s, while also > possibly getting outdated cached records. Again, I'm trying with Paulo's fix that sets a minimum upcall interval to 2 min. > > I sent my patch to fix this as RFC to David, but he probably missed. I'll > re-submit it to a public ML with him on CC. I'll let Dave comment on this. > > > Cheers, > > Enzo -- Regards, Shyam
